Get Client Real IP on Container Behind AWS ALB

Question

I have single container running in an EC2 instance behind an AWS Application Load Balancer.

The container is running using network_mode=host and displaying a simple JSON of the Request Info and Headers. Problem is, I don't get the Client Real IP. Instead, I get an internal IP in the X-Forwarded-For Header.

Also:

ALB Scheme is Internal
We use an enterprise proxy

What am I missing?

The JSON response:

    {
  "path": "/",
  "headers": {
    "x-forwarded-for": "10.XXX.XX.XX",
    "x-forwarded-proto": "http",
    "x-forwarded-port": "80",
    "host": "test.com",
    "x-amzn-trace-id": "Root=1-XXXXXXX",
    "cache-control": "max-age=0",
    "upgrade-insecure-requests": "1",
    "user-agent": "Mozilla/5.0 ...",
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
    "accept-encoding": "gzip, deflate",
    "accept-language": "en-US,en;q=0.9",
    "cookie": "XXXX"
  },
  "method": "GET",
  "body": "",
  "fresh": false,
  "hostname": "test.com",
  "ip": "::ffff:10.YYY.YY.YY",
  "ips": [],
  "protocol": "http",
  "query": {},
  "subdomains": [
    "test"
  ],
  "xhr": false,
  "os": {
    "hostname": "ec2-instance"
  }
}

I'm using this very simple webserver: https://github.com/mendhak/docker-http-https-echo — Akram Fares, Jan 21 '20 at 01:31
if your scheme is internal, the x-forward-for suppose to be the private IP address right. what IP are you expecting? when you say client, are they internal to the network or external (internet) — Arun K, Jan 21 '20 at 04:44

score 0 · Accepted Answer · answered Jan 24 '20 at 18:02

0

Answering my own question.

It happened that there is a NLB in front of out internal LoadBalancer.

answered Jan 24 '20 at 18:02

Akram Fares

1,594
1
15
30

Get Client Real IP on Container Behind AWS ALB

1 Answers1